On Tue, Dec 19, 2000 at 06:45:00PM -0500, Ivan Fox wrote:
> Some of our users need to access an external ftp server.  Therefore, we
> set up a rule to use port 20 and 21.  However, the ftp server responds to their
> request using random high ports, therefore, we need to set up a "returning
> rule" allowing the ftp server coming back using high-ports (>1023).

You can use PASV FTP if the FTP server supports this. BTW: I am not sure if
you set up the port 20 rule correctly, because this is a source port, not a
destination port. But if you allow connections FROM that port you are
vulnerable to unauthorized connections (nmap for example can scan with
probes from that port). You might want to visit

http://www.freefire.org/articles/ftpexample.php3

my short hands-on tutorial on how the FTP protocol works. Note the links on
that page are not yet finished, but the article is readable.

Greetings
Bernd
-- 
  (OO)      -- [EMAIL PROTECTED] --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
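
As an added illustration (not part of the original message), the Python sketch below models a stateless packet filter to show why the source-port-20 "returning rule" admits any inbound connection that merely uses source port 20, while a PASV ruleset needs no inbound connection at all. The addresses, the internal prefix and both rule functions are constructed assumptions, not anyone's real configuration.

```python
import re
from collections import namedtuple

# syn=True marks a connection-opening TCP segment (SYN set, ACK clear).
Packet = namedtuple("Packet", "src sport dst dport syn")
INSIDE = "10.0.0."  # constructed internal network prefix (assumption)

def is_inbound(p):
    return p.dst.startswith(INSIDE) and not p.src.startswith(INSIDE)

def data_endpoint(line):
    """Decode h1,h2,h3,h4,p1,p2 from a PORT command or a 227 PASV reply."""
    n = list(map(int, re.search(r"(\d+(?:,\d+){5})", line).group(1).split(",")))
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def active_rules(p):
    """Stateless filter for active FTP, including the 'returning rule'."""
    if is_inbound(p):
        if p.sport == 21:
            return not p.syn and p.dport > 1023   # control-channel replies only
        return p.sport == 20 and p.dport > 1023   # returning rule: new SYNs pass
    return p.dport in (20, 21) and p.sport > 1023

def passive_rules(p):
    """Stateless filter for PASV FTP: the inside client opens both connections."""
    if is_inbound(p):
        return not p.syn and p.dport > 1023 and (p.sport == 21 or p.sport > 1023)
    return p.sport > 1023 and (p.dport == 21 or p.dport > 1023)

# Constructed sample traffic (documentation address ranges).
CLIENT, SERVER, OTHER = "10.0.0.5", "192.0.2.10", "203.0.113.7"
port_ip, port_no = data_endpoint("PORT 10,0,0,5,19,137")  # client listens on 5001
pasv_ip, pasv_no = data_endpoint("227 Entering Passive Mode (192,0,2,10,195,80)")

active_data = Packet(SERVER, 20, port_ip, port_no, syn=True)      # server opens data conn
probe_from_20 = Packet(OTHER, 20, CLIENT, 6000, syn=True)         # unrelated host, sport 20
pasv_data = Packet(CLIENT, 40000, pasv_ip, pasv_no, syn=True)     # client opens data conn

def verdicts():
    return {
        "active: server data SYN": active_rules(active_data),
        "active: unrelated SYN from port 20": active_rules(probe_from_20),
        "passive: client data SYN": passive_rules(pasv_data),
        "passive: unrelated SYN from port 20": passive_rules(probe_from_20),
    }

if __name__ == "__main__":
    for name, allowed in verdicts().items():
        print(f"{name:38s} {'ALLOW' if allowed else 'DROP'}")
```

The passive ruleset still lets non-SYN segments reach high ports, which is the usual limit of a stateless filter; a stateful firewall that tracks the FTP control channel can narrow that further.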